Comments for Russia Paying for a Tor Break
A blog covering security and security technology.
Updated 2015-02-17T05:22:15Z

Comment from Dave Monroe on 2014-08-01
I am a newb to this blog. I am not a newb to security. Break TOR? The tech behind TOR appears sound. I have tracked (as best I can) every single compromise that has happened to the TOR network for at least the past three years and in all cases have either found bad user practices to be at the center of the compromise or some three letter agency exploit like Foxacid or Quantum. With the current politics between the US gov't this reward is a means of bloviating by the Russians.
Posted 2014-08-01T22:03:10Z

Comment from Jarda on 2014-07-30
There's another possibility: 3) Russia ruled out the possibility to break TOR, so they make a tender where participants must pay a subscription fee (that's how I read the story elsewhere), knowing that the idea of profit will attract many. With the probability of paying the reward rather low Russia might make some extra money to pay hookers and booze for the government guys. ;-)
Posted 2014-07-30T22:58:11Z

Comment from Benni on 2014-07-30
Regarding tor, they have now the following security advisory:

"On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks."

Funny honeypot indeed....

The anonymity of tor is an offer that is likely to be broken if they put some effort into it.

So everything that goes over tor has to be very strongly encrypted. That means you have to communicate over tor only with people whose certificates you can check.

Posted 2014-07-30T17:32:13Z

Comment from 01 on 2014-07-30
@3g3iuhi3ugh398hello So you can't request a chain order change as any node in a chain and get full meta data for every node including the index of your own node, all using API?

Could you say that in English, please ?

Posted 2014-07-30T12:21:16Z

Comment from 3g3iuhi3ugh398hello on 2014-07-29
@DaveK: So you can't request a chain order change as any node in a chain and get full meta data for every node including the index of your own node, all using API? Better tell the TOR team that so they can fix their docs and remove it from their libraries..

Your 'wrong' claim towards my FSB foreign station comments are also apically contradicted by about half a century worth of world events and data..

If you're going to tell people they're wrong at least know what you're talking about.. You basically said I was wrong not even giving technical or even vague details as to why.. Which means you likely don't even know much of the subject matter and are one of the soccer dad spooks these comments are becoming known for.. Stick to sports..

Posted 2014-07-30T04:51:34Z

Comment from Thoth on 2014-07-29
What de-anonymizes Tails is the I2P's Javascript attack..

What de-anonymizes Tor is usually the exit nodes..

What breaks your internet transactions over SSL/TLS is endpoint..

What breaks your end-to-end crypto is endpoint..

The problem we are now seeing is more of the endpoint security. You are doing crypto/trusted ops on an untrusted system. People are trying to create blackbox HSMs and who knows what's inside them.

It's very hard to define a silver bullet since we are pretty much surrounded by organisations bent on stamping out what remains of our rights and freedom.

The very last thread probably would lie in openness and transparency. Transparent designs, transparent implementation, transparent testing, transparent deployment.

IACR is flooded with algos and protocols that are interesting but the more specific algos and protocols we rarely see is the kind of algos and protocols that not just return some vague results but return results that prove their correctness. We should be heading this direction of provable computation. This would fall under transparent design.

HSMs should not be blackboxes and should be transparent in their design, implementation and testing which is same for softwares.

It's not so much about TOR being broken, TOR in and of itself may not be. It's what Nick said about endpoint security. For example, your IP connects to a known TOR node, or identifying information about you comes out the end, they can find ways to attack your systems specifically. Like some of the NSA's attacks, they can identify what browser you're using for what and what OS you use, then use an exploit they know about for that particular system. Once they get in, they have the keys to the kingdom and that's the end of any encryption or anonymity tools or whatever else you use. Without good endpoint security, everything is useless...

Posted 2014-07-30T00:34:50Z

Comment from AW on 2014-07-29
Slightly OT: interesting that even in 2014 a commenter in this thread uses "Soviets" for "Russians".
Posted 2014-07-29T22:20:45Z

Comment from Nick P on 2014-07-29
@ 65535

Here was my last post on Tor and Java-based Freenet. I identified the reasons a very managed language like Java shouldn't be used in a project like this. I also identified attack surface and subtle issues that can ruin something like Tor. I pointed out that the attackers are so powerful that only a high robustness approach can be trusted. And then I gave specific recommendations on what to use to achieve that.

Since then, I'll add secure hardware, I/O, and firmware to that list. The OS and application layer stuff can still do fine, esp on something like CHERI processor with IOMMU and crypto engine added. That would all still be small enough to fit on an inexpensive FPGA.

The simplest method, though, is the old one I advocated for VPN's and S-VOIP: use three to four dedicated devices. Two are the internal and external facing transport stacks running a minimal of hardened code. They do networking, firewalls, initial protocol translation, and maybe sanity checks. They pass this to the middle system whose hardware is picked for trustworthiness. It runs the core Tor functions on a separation kernel architecture. You can either use secure hardware here or a non-DMA'd form of I/O. Original designs used VIA ARTIGO's that had onboard virtualization, TRNG, crypto, etc at 25W of power and $300 new. Today, one might use raspberry PI's or Freescale's cheap ARM/PPC boards. Some Freescale boards even have onboard crypto and IOMMU. Assume the board might be subverted by wherever its builder operates, though.

Nice addition. And from one of my favorite sources of good papers: Navy's Center for High Assurance Computer Systems. A few of INFOSEC history's top minds work there, with their researchers steadily producing interesting theoretical and practical work.

Posted 2014-07-29T20:03:28Z

Comment from gordo on 2014-07-29
The first paper cited below is not listed on the "Selected Papers in Anonymity" page
( http://freehaven.net/anonbib/ - from Nick P's cite earlier in this thread):

Posted 2014-07-29T19:31:05Z

Comment from nesih on 2014-07-29
@DB If you take into consideration the substantial combined intelligence budget of 5-Eyes and bear in mind that it is almost certain that there is collusion between -- at least -- those five members (plus probably other friendly faces like Germany, France, Netherlands, etc.) in the monitoring of entry & exit nodes, I would imagine (with no solid evidence to back it up) that a vast percentage of Tor traffic is being deanonymized. Having said that, it would be almost impossible to deanonymize the entire network all the time, and it brings a smile to my face every time I think of how many billions of dollars the suckers are spending on confirming whether I'm having peach or apple juice on my online shopping this week.
Posted 2014-07-29T18:11:19Z

Comment from 65535 on 2014-07-29
Nick P comes through again.

I looked at his list and it is quite long. I like “The Tor Sniper Attack” which seems to be a valid way of disrupting Tor via a DOS attack – but doesn’t really deanonymize users.

The Russian proposal looks authentic. One would have to call the phone numbers and place a deposit to check it out [I am confused by the Russian “security clearance” requirement].

It could be a financial scam given the high deposit compared to modest reward. But, the Russians have been using rewards for years to get projects done. It could be the real thing – which would indicate the Russians cannot deanonymize some portions of Tor [they don’t have the largest view of the backbone - yet].

Posted 2014-07-29T15:22:13Z

Comment from WD on 2014-07-29
So what if TOR can be hacked? If enough people installed a relay in their home, and used TOR whenever they access the internet - it would send a powerful message while scaring the crap out of those pissants trying to control everyone.

They can't get all of us. So terrorizing the controlniks is still useful. Imagine trying to empty a beach with a spoon. That's what these fools face if the mob starts using TOR.

Driving these people crazy is everyone’s business.

This POS: https://pogoplug.com/safeplug actually seems to work. Easy to use, but probably isn't implemented as securely as it should. Doesn't matter. It relays and it's cheap.

If I were to venture a guess...it's not selling well. Which is a tragedy.

Little pushbacks everywhere demoralize enemies. We should set up a fund for general Alexander's neighbors. Even a trained dog crapping on his doorstep would help, though I'd prefer naked Congressman photos with Alexander's home as the return address.

The United States needs to restore our native distrust and torment of grand poobahs.

Posted 2014-07-29T14:49:03Z

Comment from AlexT on 2014-07-29
I'm a bit surprised by this recurring meme about TOR being broken.

Is there anyone with concrete evidence to substantiate this claim ? Yes timing attacks by a state level actor _might_ work, I can buy that. Anything else ? Yes it is a DARPA initiated (and still mainly financed) project. It is also an open source project. Can anyone point out the back doors (or at the very least hint at them) ?

It's actually a moving target. The protocol designers do something hoping for anonymity. Researchers find a new way to defeat that. And so on. The problem is that anonymity of real-time, two-way communication is a little understood security problem. That's on top of INFOSEC itself being only a few decades old, with practitioners barely able to secure a simple client-server setup with existing knowledge. Anonymity + security + untrustworthy networking protocols + performance = a hard problem.

Here's a list of papers, though, that keeps getting updates on the results of the cat and mouse game:

That's exactly what I said! Good thinking. The fact that they can hit endpoints easily means there's no real assurance in using it against such an adversary. Endpoint security must always accompany security protocols. The stronger the adversary, the stronger the endpoint and protocol security required. Tor's focus on usability, performance, and portability leads it to dangerous tradeoffs. Much like mainstream platforms and protocols in general.

Posted 2014-07-29T03:22:34Z

Comment from Chris Abbott on 2014-07-28 (http://abbottit.com)
Well, the connection to the entry node is encrypted but not coming from the exit node, so maybe it's ok for packet sniffing, but they could just monitor that IP address and find a way to get into your machine otherwise...
Posted 2014-07-29T02:24:37Z

Comment from Chris Abbott on 2014-07-28 (http://abbottit.com)
My concern about TOR is that every IP address connecting to a known entry/exit node is going to fall under suspicion. They could randomly target (or target in bulk) any of those IPs. The NSA or whoever can then use things like QUANTUM, old-fashioned packet sniffing, or whatever else to get into your machine. Using it might actually be counterproductive, but I can't say for sure. I guess it depends.
Posted 2014-07-29T02:22:16Z

Comment from DB on 2014-07-28
I really believe that there is some kind of government-sponsored FUD campaign (i.e. really psychological warfare against the general populace) going on sometimes, trying to simply discredit the things they can't so easily hack, steal, and pillage directly...

For example... I strongly suspect that whole black hat talk about how easy it was to de-anonymize Tor that was pulled with no explanation, might be such a thing... i.e. there could easily be no such easy way to de-anonymize it, just some government lackey trying to scare people into thinking maybe there is, with such a proposed talk... then pulling it before they have to actually talk about a whole lot of nothing.

This Russian Tor thing in this post also smells suspiciously more like psych warfare than an actual thing.

On the other hand.. has anyone done any real research about exactly how many Tor nodes have to be compromised in order to really compromise anonymity?

Posted 2014-07-29T01:17:49Z

Comment from DaveK on 2014-07-28
@3g3iuhi3ugh398hello, I'm not going to bother telling you that you're wrong; the stuff you've come out with doesn't fall into the category of "wrong" but into Pauli's category of "not even wrong".

However I do commend your honesty in admitting that you are engaged in mere armchair speculation unencumbered by any knowledge of how Tor works. That's brave of you. Many of the other comments in this thread would benefit from such a disclaimer.

Posted 2014-07-29T00:46:02Z

Comment from 3g3iuhi3ugh398hello on 2014-07-28
By the way it's not really surprising there are obvious insecurities that are only hidden by a poorly managed API. This is basically a DARPA project being channeled through some US gov. department that really have no reason to be funding or researching routing and security engineering projects.. Just in case you're wondering why all those US defense grid nodes have been in TOR since early discovery..

There is one logical alternative: Russian activists keep all Russian nodes out of their chains, and the overhead of managing nodes at FSB foreign stations are too expensive..

Also I'm sure people are going to come out of the wood work to tell me how I'm wrong on all points.. Well.. Most of the 'reality' statements here are based on other's security research around TOR, and I'm just making economical observations..

Posted 2014-07-28T21:34:36Z

Comment from 3g3iuhi3ugh398hello on 2014-07-28
Given Russia has always had the best RE and big-number people, I'm assuming it's a 'ruse' or TOR is actually secure.. Given it's a protocol that basically randomly routes streams and has a new round of encryption per-node, I'm assuming not the latter..

FYI the protocol supports self-re-ordering anywhere in session, although it DOES randomly place, and whole chain hierarchy data for each node so you can basically just keep re-ordering till your nodes are in the right places. You don't actually need an exploit or cipher weakness,,,,,,, just flood the grid with nodes like the NSA does and use the built in bad design..

Posted 2014-07-28T21:24:31Z

Comment from albert on 2014-07-28
Yeah, life is getting tough what with all this security stuff on the internet. The fascists are having a hard time keeping a lid on/monitoring global information exchange. Even that old bogeyman, terrorism, is beginning to lose its value as an excuse for spying on everyone.

What's a mother to do?

Kinda reminds me of the old 60s spy stories, where agents met by fountains and in bathrooms with the shower running, whispering in each others ears. That's where we're headed- again. Well, at least it'll kill Capitalism for a while, and the Ruling Elite will have to recreate feudal states.

I gotta go...

Posted 2014-07-28T20:20:32Z

Comment from Salad on 2014-07-28
I doubt the Russians can break Tor. If they could, they'd just keep it a secret and quietly de-anonymise Tor users from the shadows.
Posted 2014-07-28T19:56:37Z

Comment from akf on 2014-07-28
So, the Russians are financing a bug-bounty program for TOR?
Posted 2014-07-28T18:42:01Z

Comment from Anura on 2014-07-28
@uh, Mike

That gives me an idea: Tor, but with every Tor node communicating over i2p.

There is a slight possibility that it would cause additional overhead. It also doesn't solve timing attacks, or malware based attacks, and well, I'm not sure it actually provides a real advantage over Tor alone.

Posted 2014-07-28T17:08:30Z

Comment from xl0 on 2014-07-28
Not entirely correct. The original tender was about conducting research on the _feasibility_ of TOR deanonymization, not the deanonymization itself.
Posted 2014-07-28T15:32:32Z

Comment from Alex on 2014-07-28
See also http://zakupkiold.gov.ru/Tender/ViewPurchase.aspx?PurchaseId=239042
"Development of a mobile device to suppress strong-willed resistance using frequency optical effects", the code of the theme: "Marabou".
Posted 2014-07-28T14:42:31Z

Comment from securitynewsfreak on 2014-07-28
Version 3.6.3 was released on Friday. Have you upgraded? It has various bug fixes.
Posted 2014-07-28T14:31:46Z

Comment from uh, Mike on 2014-07-28 (http://xkcd.com/722/)
@Joe, the shell game is the ball in a higher-level shell game.
Posted 2014-07-28T14:25:26Z

Comment from Joe on 2014-07-28
TOR is a bit like a shell game where a mere mortal can't observe the motion fast enough to follow what's under the shell -- but it's only a matter of time before analysis of exit nodes makes that possible. The encryption used between nodes is also not particularly secure. Those who use it are being watched, so that's a strike against using it discreetly. Finally, many of those who do use it are criminals, which more-or-less gives the world's police states (that includes the US) permission to go after entire servers indiscriminately.

I am shocked anyone still thinks they can use TOR for private communications.

Posted 2014-07-28T14:16:34Z

Comment from G on 2014-07-28
If we're into pointless debates we could also debate
3). The aliens infiltrated the Russian government and are using some ruse to provoke a world war
4) Schneier is lately a secret agent of NSA etc.
etc.

BTW, they say the best first line of a novel includes sex, royalty, humor, and religion: "Dear God, get your hand off of my knee, giggled the queen."

Just substitute modern day hot buttons, and the instant website pops out.

Posted 2014-07-28T14:05:59Z

Comment from keiner on 2014-07-28
How much did the CIA/NSA pay? Just to compare the numbers... :-D
Posted 2014-07-28T14:04:03Z

Comment from . on 2014-07-28 (http://.)
Or #3 they can, but want to get different approaches to do this.
Posted 2014-07-28T13:28:56Z

Comment from bcs on 2014-07-28
And when the request vanishes, did they get it filled or did they just give up?
Posted 2014-07-28T13:28:04Z

Comment from gordo on 2014-07-28
From a post by Pierluigi Paganini on his “Security Affairs” blog:

The tender, titled “Perform research, code ‘TOR’ (Navy),” was posted on July 11th on the official procurement website.

The competition is arranged by the Russian Government “in order to ensure the country’s defense and security.”

I asked a colleague to help me to translate the original tender, the spelling of “TOP” comes from that original document (all-caps, Russian transliteration). The tender is about the Tor indeed. The term “Scientific Production Association” (Научно -производственное Объединение) is a Soviet/Russian cover word for a military or a KGB/FSB R&D outlet. The one in question belongs to the Interior Ministry which is in charge of police and penitentiary.

The tender requires active security clearance specifically in the LI (though I wonder if “legal” is applicable to Russia at all) and a general high level security clearance.

Posted 2014-07-28T13:17:56Z

Comment from Dave Howe on 2014-07-28
Perhaps they know a solution exists, but not the details - hence, while not enough to tempt an exclusive holder of that info to divulge it, it could well be more than enough to tempt a member of a hacker group or intelligence agency to gain a little extra cash being the first to sell on the info.

Alternatively, given the entry fee, it's a scheme to make money from entry fees? :)

Posted 2014-07-28T12:38:05Z

Comment from Clive Robinson on 2014-07-28
My guess is it is rather more for the political message than any hope of getting anywhere. After all the sum of money won't buy you much even in Russia.

However if the story of it gets widely known and "scares" Russian users off of Tor then I suspect there will be smiling around Putin and friends.

Also I would not rule out the fact it might be in retaliation of events relating to the goings on in the Ukraine. Putin is known to be up to his neck in Internet Intimidation tactics both on a national and international level. And it's known that what Russia regards as the West's low level assets (ie NGOs etc) use etc Tor.

Then there was the recent UN ITU telecomms meet in Dubai where various nations including Russia tried to wrest some measure of Internet control away from the US...

So many political reasons, few technical reasons.

Posted 2014-07-28T12:36:06Z

Comment from Ampy on 2014-07-28
That is really contest in which the victor is practically known beforehand between U.S.A and Russia isn't that ?
Posted 2014-07-28T12:24:09Z

Comment from C Lamar on 2014-07-28
Kinda flies in the face of (now puppet) Snowden's (ostensible) motive.
Posted 2014-07-28T12:04:34Z

Comment from gazunga on 2014-07-28
Is it coincidental that the Soviets are offering to pay for information that was just recently cancelled, as a presentation, at BlackHat ?
Posted 2014-07-28T12:00:37Z

Comment from mik on 2014-07-28
I don't know if you could infer that all of the Russian government doesn't know how to break Tor - just that some part is interested.

A US analog would be if California police put out a tender to help them break Tor - that wouldn't imply that the FBI and NSA can't figure it out.

Posted 2014-07-28T11:41:12Z

Comment from Anton Nesterov on 2014-07-28 (https://komachi.github.io)
It's not "let's break Tor" tender, it's tender for report on current weaknesses. Something like "let's translate threat model to Russian and see what we can do after that". That's why it's cheap.
Posted 2014-07-28T11:28:27Z

Comment from readerrrrr on 2014-07-28
I don't think they can do it. The reward requires a high entry fee, which is probably made to limit the number of applicants. That implies they will actually study the received proposals. If they already knew how to do it, they wouldn't have to restrict the potential applicants to only those who are serious.
Posted 2014-07-28T11:26:11Z

Comment from Thoth on 2014-07-28
Since the American agencies (NSA and other 3 letter agencies) have figured out their ways around Tor, they could somehow figure their way in obtaining the information from the Americans and their allied agencies. Under the table deals or via shell companies, third parties or via espionage are many options the Russians could lay their hands on what the Americans know.

Indeed the price of $114,000 is too cheap for something of that high value (Tor). The exploits for Tor are worth at least in the range of more than 50 million USD.